Secure DHCP Server on switches with Nebula

GiuseppeR
GiuseppeR Posts: 93  Ally Member
First Anniversary 10 Comments Friend Collector
edited December 2022 in Nebula
Hello,
I'm deploying some switches on the field, all of them connected with Nebula so remotely managed.
I do not want that if someone plugs a router, in a RJ45 port of a switch (e.g. SwitchABC), this could modify the DHCP server of the SwitchABC creating chaos inside its peripherals.

I saw the option DHCP Server Guard (NCC - Switch - Configure - Switch settings) that, when enabled, seems to lock (with the icon of a closed lock) the DHCP server in status area in NCC - Switch - Monitor - Switch - NameOfTheSwitch

The question is how to secure 2-3 different DHCP servers instead of only one.
I want to enable the possibility to let people move the switch from one site to another (of the same Company) and reconnect it always working.
Different sites means different network leases.

So how can I tell SwitchABC to accept DHCP management from:
192.168.1.1
192.168.2.1
192.168.3.1
IPs of firewalls that I have linked to manage those different sites' networks?

Thanks a lot.



All Replies

  • Zyxel_Melen
    Zyxel_Melen Posts: 1,590  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Hi @GiuseppeR,

    You could add some ACLs to secure 2-3 different DHCP servers instead of only one.
    This FAQ shows you how to configure the ACL when there's only one trusted DHCP server, you could add more rules to achieve your requirement.
    Hope it helps.

    Zyxel Melen

Nebula Tips & Tricks